On Mon, 3 Nov 2025 at 16:08, Emmanuel Bourg <[email protected]> wrote:
>
> On 31/10/2025 18:19, Matt Benson wrote:
> > I also find the level of noise astounding here, and see no reason to pull
> > in weekly updates when the release cadence of components is on the order of
> > months or more likely years. Why not upgrade dependencies only when a
> > component is nearing a release?
>
> +1
>
> And I suggest disabling dependabot on components last released more than
> 2 years ago. For example Digester last released 14 years ago doesn't
> need weekly dependency updates.

Good idea.

I've just looked at dependabot commits for October in Digester:

$ git -C digester log --pretty=format:"%ad %an: %s" | fgrep dependabot[bot]
2025-10-31 05:43:31 -0400 dependabot[bot]: Bump github/codeql-action from 4.30.9 to 4.31.2 (#280)
2025-10-31 05:43:06 -0400 dependabot[bot]: Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#281)
2025-10-24 02:32:10 -0400 dependabot[bot]: Bump github/codeql-action from 4.30.8 to 4.30.9 (#278)
2025-10-17 05:10:58 -0400 dependabot[bot]: Bump actions/dependency-review-action from 4.8.0 to 4.8.1 (#275)
2025-10-17 05:09:46 -0400 dependabot[bot]: Bump github/codeql-action from 4.30.7 to 4.30.8 (#276)
2025-10-10 06:05:16 -0400 dependabot[bot]: Bump github/codeql-action from 3.30.6 to 4.30.7 (#273)
2025-10-03 03:54:11 -0400 dependabot[bot]: Bump actions/dependency-review-action from 4.7.3 to 4.8.0 (#271)
2025-10-03 03:53:55 -0400 dependabot[bot]: Bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#272)
2025-10-03 03:52:11 -0400 dependabot[bot]: Bump github/codeql-action from 3.30.4 to 3.30.6 (#270)

Such activity can make it look like the component is under active
maintenance, when in fact it is largely automated changes.

It looks to be possible to run dependabot on demand:
Insights/Dependency Graph/Dependabot/Recent update jobs/Check for updates

> Emmanuel Bourg
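
Added example (not part of the original message): one way to quantify the point about automated activity is to feed the same log format into a per-month count of dependabot[bot] commits versus all others. It assumes ISO-style dates as in the output above (for instance via `--date=iso`); the function names and the "Jane Doe" lines are made up for the example.

```shell
#!/bin/sh
# Added example. Reads `git log --date=iso --pretty=format:"%ad %an: %s"` lines
# on stdin and prints, per month, how many commits are from dependabot[bot].
bot_share() {
    awk '
    {
        rest = $0
        sub(/^[^ ]+ [^ ]+ [^ ]+ /, "", rest)   # drop date, time and zone
        sep = index(rest, ": ")                # author ends at the first ": "
        if (sep == 0) next                     # not a log line in this format
        author = substr(rest, 1, sep - 1)
        month = substr($1, 1, 7)               # YYYY-MM
        total[month]++
        if (author == "dependabot[bot]") bot[month]++
    }
    END {
        for (m in total)
            printf "%s total=%d bot=%d human=%d bot_pct=%d\n",
                   m, total[m], bot[m], total[m] - bot[m],
                   int(100 * bot[m] / total[m])
    }' | sort
}

# Sample input: the three bot lines are from the message above; the two
# "Jane Doe" lines are constructed for the example.
sample_log() {
    cat <<'EOF'
2025-10-31 05:43:31 -0400 dependabot[bot]: Bump github/codeql-action from 4.30.9 to 4.31.2 (#280)
2025-10-31 05:43:06 -0400 dependabot[bot]: Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#281)
2025-10-24 02:32:10 -0400 dependabot[bot]: Bump github/codeql-action from 4.30.8 to 4.30.9 (#278)
2025-10-02 09:15:00 +0200 Jane Doe: Fix typo in site docs: index page
2025-09-12 11:00:00 +0200 Jane Doe: Update parent POM
EOF
}

sample_log | bot_share
```

Against a real checkout, replace `sample_log` with the `git -C digester log ...` command from the message.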
